HTTP Headers Analysis for https://getbuilt.com

Detected Technologies from Headers

See all in URL Inspect 49

Google AdSense

Chili Piper

Google Tag Manager

WP Engine

Bugsnag

Bing

G2

Salesforce Cloud

Spotify

RevenueHero

OpenStreetMap

Liveramp

HubSpot Forms Active incidents

Factors.AI

Google DoubleClick

Arcade

Google Analytics

Google Conversion Tracking

Cloudflare CDN

Google Static File Front End

Oktopost

Google API JS Client

Google Fonts

Wistia

Hotjar

ZoomInfo

Contentsquare

HubSpot Analytics Active incidents

Mapbox

Google Search

BootstrapCDN

Cloudflare Active incidents

Navattic

Demandbase

Facebook

Mouseflow

Adobe Fonts (Typekit)

Influitive

Salesforce Pardot

Google Optimize

Akamai Active incidents

CARTO

HubSpot Active incidents

Font Awesome

HubSpot Live Chat Active incidents

Sentry

Google Cloud

HTTP Security Headers

Status

Strict-Transport-Security

Good

max-age=31536000; includeSubDomains

Content-Security-Policy

Basic

default-src; font-src; style-src Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

strict-origin-when-cross-origin

Permissions-Policy

Present

camera=(), geolocation=(), microphone=()

Recommendations

• Consider adding 'preload' to HSTS for maximum security
• Improve CSP by adding more specific directives and removing 'unsafe-inline'

Performance Headers

Connection

Performance

close

Transfer-Encoding

Performance

chunked

Vary

Performance

Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding,Cookie

connection: close
transfer-encoding: chunked
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding,Cookie

Caching Headers

Cache-Control

Caching

max-age=600, must-revalidate

cache-control: max-age=600, must-revalidate

Content Headers

Content-Type

Content

text/html; charset=UTF-8

content-type: text/html; charset=UTF-8

Server Headers

Server

cloudflare

X-Powered-By

Server

WP Engine

server: cloudflare
x-powered-by: WP Engine

CORS Headers

Access-Control-Allow-Origin

Cors

*.mouseflow.com

access-control-allow-origin: *.mouseflow.com

Cookies Headers

Set-Cookie

Cookies

set-cookie: __cf_bm=yIsX8D1BpvE6Um_xf.lT0gwrk5cSq6A7RNvXfjE0WvQ-1777499111.1058896-1.0.1.1-p.JpnhRh3bxGvAs2UHCDy83nUtEFK_hlPqs3Pa9VdQ8sOXGMqZQq5LbX7zItPWc12T2yZCD2vkoEmuIT3S9kZWv3nCZ1MbfXKG2cDQFDc_dnGmVfcDLHcq6bV6aZWBsw; HttpOnly; Secure; Path=/; Domain=getbuilt.com; Expires=Wed, 29 Apr 2026 22:15:11 GMT

Other Headers

Alt-Svc

Other

h3=":443"; ma=86400

Cf-Cache-Status

Other

DYNAMIC

Cf-Ray

Other

9f417e046ac6da52-IAD

Date

Other

Wed, 29 Apr 2026 21:45:11 GMT

Link

Other

URL https://getbuilt.com/wp-json/

rel=https://api.w.org/

URL https://getbuilt.com/wp-json/wp/v2/pages/14508

rel=alternate title=JSON type=application/json

URL https://getbuilt.com/

rel=shortlink

X-Cache

Other

X-Cache-Group

Other

normal

X-Cacheable

Other

SHORT

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 9f417e046ac6da52-IAD
date: Wed, 29 Apr 2026 21:45:11 GMT
link: <https://getbuilt.com/wp-json/>; rel="https://api.w.org/", <https://getbuilt.com/wp-json/wp/v2/pages/14508>; rel="alternate"; title="JSON"; type="application/json", <https://getbuilt.com/>; rel=shortlink
x-cache: HIT: 15
x-cache-group: normal
x-cacheable: SHORT

Recommendations

Enable compression (gzip/brotli) to improve performance

Consider removing X-Powered-By header to hide server technology